Слияние кода завершено, страница обновится автоматически
version: "3.5"
# This "singlebox" stack will use LOCAL storage and expects to be deployed to
# a single Docker swarm host so that the volumes will always be available on
# that host. etcd, Portworx storage, and firewall management are not performed
# in this deployment, although you can still use the firewall playbook on EL7
# (at this time) hosts running iptables. If you need to run on an existing
# swarm of multiple hosts, we suggest you modify docker-compose-singlebox.yml
# and place the appropriate Docker node label contraints to pin services with
# volumes to their respective local volume hosts.
#
# This stack should deploy to any machine capable of running Docker swarm, and
# can be used to evaluate or even operate the DevOps stack tools, or possibly
# as a POC before building out further.
# NETDATA
#
# You'll need to install NetData on your host for Prometheus and Grafana.
# singlebox stack has been tested on CentOS7 and macOS.
# See https://docs.netdata.cloud/installer/#one-line-installation or
# https://github.com/netdata/netdata/wiki/Installation for further assistance
# installing NetData on your OS.
# CERTIFICATES
#
# swarmstack by default configures the reverse-proxy Caddy to generate
# self-signed HTTPS certificates, in order to protect the DevOps tools. It
# will automatically rotate this cert every 7 days.
#
# You can optionally install your own certificates into Caddy by consulting
# ./caddy/caddycerts/README.md and manually uncommenting the related lines
# in THIS file pertaining to caddy_cert and caddy_key.
#
# You can instead use free Let's Encrypt certificates by prepending the
# following to the 'docker stack deploy' command under INSTALL below.
#
# CADDY_URL=fqdn.example.com CADDY_CERT=user@example.com ADMIN_PASSWORD...
# macOS
#
# With brew installed, install NetData with 'brew install netdata'.
# You'll then need to edit:
#
# /usr/local/etc/netdata/netdata.conf
#
# and change 'localhost' to '*' to allow NetData to bind the macOS IP. Then:
#
# 'brew services restart netdata' to restart NetData with the new setting.
#
# You'll also need to expose Docker 'experimental' metrics on default port
# 9323, see this URL for instructions on macOS:
#
# https://www.brianchristner.io/how-to-monitor-docker-for-mac-windows/
#
# You might care to also update the Docker storage-driver from older "aufs" to
# "overlay2" before clicking "Apply & Restart".
# INSTALL
#
# All singlebox users will need to edit the 2 files below and add your host's
# IP address; replace all occurances of the 10.0.13.2 IP with your host IP so
# that Caddy and Prometheus can access your Docker and NetData installations:
#
# ./caddy/Caddyfile-singlebox
# ./prometheus/conf/prometheus-singlebox.yml
# Finally, after you've initalized swarm mode on the single Docker host or
# macOS with 'docker swarm init', and your host responds to 'docker node ls',
# you won't run any of the ansible playbooks from swarmstack, instead just
# deploy this pre-configured docker-compose-singlebox.yml stack with, noting
# to optionally add CADDY_CERT, CADDY_KEY, and CADDY_URL as above if needed.
# ADMIN_PASSWORD='changeme!42' docker stack deploy -c docker-compose-singlebox.yml swarmstack
# You should then be able to surf to http://127.0.0.1 and access each tool as
# 'admin' and the ADMIN_PASSWORD you've set.
# UNINSTALL
#
# docker stack rm swarmstack && docker volume prune
# RE-INITIALIZE A SERVICE
#
# docker stack rm swarmstack && docker volume rm swarmstack_grafana &&
# (deploy as above ADMIN_PASSWORD=' CADDY_... docker stack deploy -c...)
# Below is the docker compose file, you should only need to edit all caddy_key
# and caddy_cert occurances below if using certificates or Let's Encrypt.
networks:
net:
driver: overlay
driver_opts:
encrypted: "true"
attachable: true
volumes:
alertmanager:
alertmanagerB:
caddycerts:
grafana:
portainer_data:
portainer_certs:
prometheus:
configs:
alertmanager_config:
file: ./alertmanager/conf/alertmanager.yml
name: alertmanager_config$CONFALERTMANANGER
caddy_config:
file: ./caddy/Caddyfile-singlebox
name: caddy_config$CONFCADDY
caddy_www:
file: ./caddy/index-singlebox.html
name: caddy_www$CONFCADDY
#caddy_cert:
# file: ./caddy/caddycerts/cert.pem
# name: caddy_cert$CONFCADDYCERT
#caddy_key:
# file: ./caddy/caddycerts/key.pem
# name: caddy_key$CONFCADDYCERT
docker_garbage_collection:
file: ./docker-gc-exclude
name: docker_garbage_collection$CONFDOCKERGC
grafana_dashboards_nodes:
file: ./grafana/dashboards/nodes-netdata-dockerd-cadvisor.json
#file: ./grafana/dashboards/nodes-node-exporter-dockerd-cadvisor.json
name: grafana_dashboards_nodes$CONFGRAFANADASH
grafana_dashboards_containers:
file: ./grafana/dashboards/containers-netdata-dockerd-cadvisor.json
#file: ./grafana/dashboards/containers-node-exporter-dockerd-cadvisor.json
name: grafana_dashboards_containers$CONFGRAFANADASH
grafana_dashboards_prometheus_2_stats:
file: ./grafana/dashboards/prometheus-2-stats.json
name: grafana_dashboards_prometheus_2_stats$CONFGRAFANADASH
grafana_provisioning_datasources:
file: ./grafana/datasources/prometheus.yaml
grafana_provisioning_dashboards:
file: ./grafana/dashboards.yml
karma_conf:
file: ./karma/karma.yaml
name: karma_conf$CONFKARMA
prometheus_conf:
file: ./prometheus/conf/prometheus-singlebox.yml
name: prometheus_conf$CONFPROM
prometheus_rules_nodes:
file: ./prometheus/rules/nodes.yml
name: prometheus_rules_nodes$CONFPROMRULES
prometheus_rules_containers:
file: ./prometheus/rules/containers.yml
name: prometheus_rules_containers$CONFPROMRULES
services:
alertmanager:
image: prom/alertmanager:latest
command:
- '--config.file=/etc/alertmanager/alertmanager.yml'
- '--storage.path=/alertmanager'
- '--cluster.listen-address=0.0.0.0:9094'
- '--cluster.advertise-address=:9094'
- '--cluster.peer=alertmanagerB:9094'
configs:
- source: alertmanager_config
target: /etc/alertmanager/alertmanager.yml
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "9093"
prometheus.path: "/metrics"
mode: replicated
replicas: 1
resources:
limits:
memory: 128M
reservations:
memory: 64M
healthcheck:
test: "/bin/wget -q -Y off http://localhost:9093/metrics -O /dev/null > /dev/null 2>&1"
interval: 25s
timeout: 3s
start_period: 30s
networks:
- net
volumes:
- alertmanager:/alertmanager
alertmanagerB:
image: prom/alertmanager:latest
command:
- '--config.file=/etc/alertmanager/alertmanager.yml'
- '--storage.path=/alertmanager'
- '--cluster.listen-address=0.0.0.0:9094'
- '--cluster.advertise-address=:9094'
- '--cluster.peer=alertmanager:9094'
configs:
- source: alertmanager_config
target: /etc/alertmanager/alertmanager.yml
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "9093"
prometheus.path: "/metrics"
mode: replicated
replicas: 1
resources:
limits:
memory: 128M
reservations:
memory: 64M
healthcheck:
test: "/bin/wget -q -Y off http://localhost:9093/metrics -O /dev/null > /dev/null 2>&1"
interval: 25s
timeout: 3s
start_period: 30s
networks:
- net
volumes:
- alertmanagerB:/alertmanager
caddy:
image: swarmstack/caddy:no-stats
configs:
- source: caddy_config
target: /etc/Caddyfile
- source: caddy_www
target: /www/index.html
#- source: caddy_cert
# target: /etc/caddycerts/cert.pem
#- source: caddy_key
# target: /etc/caddycerts/key.pem
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "9180"
prometheus.path: "/metrics"
mode: replicated
replicas: 1
resources:
limits:
memory: 128M
reservations:
memory: 64M
environment:
- ADMIN_USER=${ADMIN_USER:-admin}
- ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
- CADDYPATH=/etc/caddycerts
- CADDY_CERT=${CADDY_CERT:-self_signed}
- CADDY_KEY=${CADDY_KEY:-}
- CADDY_URL=${CADDY_URL:-}
- PUSH_USER=${PUSH_USER:-pushuser}
- PUSH_PASSWORD=${PUSH_PASSWORD:-pushpass}
#- http_proxy=http://proxy.example.com:80
#- https_proxy=https://proxy.example.com:443
#- no_proxy=10.0.0.0/8,.example.com
networks:
- net
ports:
- "80:80"
- "443:443"
- "3000:3000"
- "9000:9000"
- "9090:9090"
- "9091:9091"
- "9093:9093"
- "9094:9094"
- "9095:9093"
- "19998:19999"
volumes:
- caddycerts:/etc/caddycerts
cadvisor:
image: gcr.io/google-containers/cadvisor:v0.36.0
command: -logtostderr -docker_only
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "8080"
prometheus.path: "/metrics"
mode: global
resources:
limits:
memory: 128M
reservations:
memory: 64M
networks:
- net
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
docker-gc:
image: clockworksoul/docker-gc-cron:latest
configs:
- source: docker_garbage_collection
target: /etc/docker-gc-exclude
deploy:
mode: global
resources:
limits:
memory: 128M
reservations:
memory: 64M
environment:
- CRON=25 11 * * *
# By default, docker will not remove an image if it is tagged in multiple repositories. If
# you have a server running docker where this is the case, for example in CI environments
# where dockers are being built, re-tagged, and pushed, you can set this flag to 1 to override.
- FORCE_IMAGE_REMOVAL=1
# By default, if an error is encountered when cleaning up a container, Docker will report the
# error back and leave it on disk. This can sometimes lead to containers accumulating. If
# you run into this issue, you can force the removal of the container by setting this flag.
- FORCE_CONTAINER_REMOVAL=1
# By default, docker-gc will not remove a container if it exited less than 1 hour ago.
# Set the GRACE_PERIOD_SECONDS variable to override this default.
- GRACE_PERIOD_SECONDS=3600
# By default, docker-gc will proceed with deletion of containers and images. To test your
# settings set the DRY_RUN variable to override this default
- DRY_RUN=0
# By default, this process will leave any dangling volumes untouched. To instruct the
# process to automatically clean up any dangling volumes, simply set this value to 1.
- CLEAN_UP_VOLUMES=0
# If you don't like all your log output and cron times being in UTC, you can set the
# TZ variable to override the default.
#- TZ=America/Chicago
volumes:
- /var/run/docker.sock:/var/run/docker.sock
grafana:
image: grafana/grafana:latest
configs:
- source: grafana_dashboards_nodes
target: /etc/grafana/dashboards/nodes.json
- source: grafana_dashboards_containers
target: /etc/grafana/dashboards/containers.json
- source: grafana_dashboards_prometheus_2_stats
target: /etc/grafana/dashboards/prometheus-2-stats.json
- source: grafana_provisioning_dashboards
target: /etc/grafana/provisioning/dashboards/dashboards.yml
- source: grafana_provisioning_datasources
target: /etc/grafana/provisioning/datasources/prometheus.yaml
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "3000"
prometheus.path: "/metrics"
mode: replicated
replicas: 1
resources:
limits:
memory: 256M
reservations:
memory: 128M
environment:
- GF_SECURITY_ADMIN_USER=${ADMIN_USER:-admin}
- GF_SECURITY_ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
- GF_USERS_ALLOW_SIGN_UP=false
#- GF_PATHS_PROVISIONING=/etc/grafana/provisioning/
#- GF_SERVER_ROOT_URL=${GF_SERVER_ROOT_URL:-localhost}
#- GF_SMTP_ENABLED=${GF_SMTP_ENABLED:-false}
#- GF_SMTP_FROM_ADDRESS=${GF_SMTP_FROM_ADDRESS:-grafana@test.com}
#- GF_SMTP_FROM_NAME=${GF_SMTP_FROM_NAME:-Grafana}
#- GF_SMTP_HOST=${GF_SMTP_HOST:-smtp:25}
#- GF_SMTP_USER=${GF_SMTP_USER}
#- GF_SMTP_PASSWORD=${GF_SMTP_PASSWORD}
#- http_proxy=http://proxy.example.com:80
#- https_proxy=https://proxy.example.com:443
#- no_proxy=10.0.0.0/8,.example.com
healthcheck:
test: "wget -q -Y off -O /dev/null http://localhost:3000/login > /dev/null 2>&1"
interval: 25s
timeout: 3s
start_period: 120s
networks:
- net
volumes:
- grafana:/var/lib/grafana
karma:
image: lmierzwa/karma:v0.74
configs:
- source: karma_conf
target: /karma.yaml
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "8080"
prometheus.path: "/metrics"
mode: replicated
replicas: 1
networks:
- net
kthxbye:
image: lmierzwa/kthxbye:v0.9
command:
- '-alertmanager.uri'
- 'http://alertmanager:9093'
- '-extend-if-expiring-in'
- '5m'
- '-extend-by'
- '12h'
- '-extend-with-prefix'
- 'ACK'
- '-interval'
- '60s'
- '-max-duration'
- '0'
deploy:
mode: replicated
replicas: 1
labels:
prometheus.enable: "true"
prometheus.port: "8080"
prometheus.path: "/metrics"
networks:
- net
portainer:
image: portainer/portainer:latest
command: -H tcp://tasks.portainer-agent:9001 --tlsskipverify
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
- net
volumes:
- portainer_data:/data
- portainer_certs:/certs
portainer-agent:
image: portainer/agent:latest
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
environment:
- AGENT_CLUSTER_ADDR=tasks.portainer-agent
- LOG_LEVEL=warn
networks:
- net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
prometheus:
image: prom/prometheus:latest
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--storage.tsdb.path=/prometheus'
- '--storage.tsdb.retention.time=48h'
- '--web.enable-admin-api'
configs:
- source: prometheus_conf
target: /etc/prometheus/prometheus.yml
- source: prometheus_rules_nodes
target: /etc/prometheus/nodes.yml
- source: prometheus_rules_containers
target: /etc/prometheus/containers.yml
deploy:
labels:
prometheus.enable: "true"
prometheus.port: "9090"
prometheus.path: "/metrics"
mode: replicated
replicas: 1
resources:
limits:
memory: 2048M
reservations:
memory: 1024M
healthcheck:
test: "/bin/wget -q -Y off http://localhost:9090/status -O /dev/null > /dev/null 2>&1"
interval: 25s
timeout: 3s
start_period: 60s
networks:
- net
volumes:
- prometheus:/prometheus
pushgateway:
image: prom/pushgateway:latest
deploy:
mode: replicated
replicas: 1
resources:
limits:
memory: 512M
reservations:
memory: 128M
healthcheck:
test: "/bin/wget -q -Y off http://localhost:9091/ -O /dev/null > /dev/null 2>&1"
interval: 25s
timeout: 3s
start_period: 30s
networks:
- net
Вы можете оставить комментарий после Вход в систему
Неприемлемый контент может быть отображен здесь и не будет показан на странице. Вы можете проверить и изменить его с помощью соответствующей функции редактирования.
Если вы подтверждаете, что содержание не содержит непристойной лексики/перенаправления на рекламу/насилия/вульгарной порнографии/нарушений/пиратства/ложного/незначительного или незаконного контента, связанного с национальными законами и предписаниями, вы можете нажать «Отправить» для подачи апелляции, и мы обработаем ее как можно скорее.
Опубликовать ( 0 )